Stir Friday Sneak Peek – Security News Update for December 28, 2018

Here’s this week’s preview of our “Stir Friday” security awareness newsletter, featuring a look at the major cybersecurity news stories from the past week.

Stir Friday

Cybersecurity Stories from the Past Week

Caribou Coffee reports data breach including payment information at 265 stores

Customer data was stolen from 265 Caribou Coffee locations, the Minneapolis-based coffee chain said on Thursday.

In a very interesting and unusual move, the press release from Caribou actually listed the locations of all 265 affected outlets.

Feds Disrupt Top Stresser/Booter Services

Fifteen of the world’s biggest stresser/booter services, designed to enable users to launch distributed denial-of-service (DDoS) attacks against sites on demand, have been shut down, and three men have been charged.

This is an amazing development. You don’t often hear of arrests of the criminals who construct and/or use large scaled DDoS operations. Nice investigative work by the FBI and other law enforcement agencies. The criminal complaint against two of the defendants makes for interesting reading, especially if you don’t know much about the mechanics of DDoS operations. You can read the Federal criminal complaint here.

San Diego School District Data Breach Hits 500k Students

A phishing attack against California’s San Diego Unified School District has led to hackers obtaining Social Security Numbers and addresses of more than 500,000 students and staff.

We’ll never be rid of the scourge of phishing until users pay better attention (an uphill climb but worth the fight) and organizations use two-factor authentication (a much easier and reliable fix but … here we are).

A Devious Phishing Scam Targets Apple Customers

This month, a bogus App Store email convincing victims to give personal information is the latest in phishing attacks disguised to be from Apple.

It’s been common for years for phishing emails to appear as though they are coming from major banks for retailers. If you want to catch more “phish,” cast the widest net possible.

Subscribe for More Insights and Details

If you’d like to receive the full breakdown and commentary on the biggest cybersecurity stories in the news, subscribe to the Stir Friday newsletter, delivered straight to your mailbox … you guessed it, every Friday!

Security & Intelligence
Posted on December 28, 2019 by David Smith